Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | libxml2 security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2521 | First vendor Publication | 2012-08-04 |
| Vendor | Debian | Last vendor Modification | 2012-08-04 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service. For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze5. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 2.8.0+dfsg1-5. We recommend that you upgrade your libxml2 packages. |
Original Source
| Url : http://www.debian.org/security/2012/dsa-2521 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18162 | |||
| Oval ID: | oval:org.mitre.oval:def:18162 | ||
| Title: | USN-1587-1 -- libxml2 vulnerability | ||
| Description: | Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1587-1 CVE-2012-2807 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20171 | |||
| Oval ID: | oval:org.mitre.oval:def:20171 | ||
| Title: | DSA-2521-1 libxml2 - integer overflows | ||
| Description: | Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2521-1 CVE-2012-2807 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20612 | |||
| Oval ID: | oval:org.mitre.oval:def:20612 | ||
| Title: | VMware vSphere security updates for the authentication service and third party libraries | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-2807 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21578 | |||
| Oval ID: | oval:org.mitre.oval:def:21578 | ||
| Title: | RHSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1288-01 CESA-2012:1288 CVE-2011-3102 CVE-2012-2807 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23288 | |||
| Oval ID: | oval:org.mitre.oval:def:23288 | ||
| Title: | DEPRECATED: ELSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1288-01 CVE-2011-3102 CVE-2012-2807 | Version: | 14 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23945 | |||
| Oval ID: | oval:org.mitre.oval:def:23945 | ||
| Title: | ELSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1288-01 CVE-2011-3102 CVE-2012-2807 | Version: | 13 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27761 | |||
| Oval ID: | oval:org.mitre.oval:def:27761 | ||
| Title: | DEPRECATED: ELSA-2012-1288 -- libxml2 security update (moderate) | ||
| Description: | [2.7.6-8.0.1.el6_3.3 ] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-8.el6_3.3] - Change the XPath code to percolate allocation error (CVE-2011-1944) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1288 CVE-2011-3102 CVE-2012-2807 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-03 | Name : Fedora Update for libxml2 FEDORA-2012-13824 File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl |
| 2012-10-03 | Name : Ubuntu Update for libxml2 USN-1587-1 File : nvt/gb_ubuntu_USN_1587_1.nasl |
| 2012-09-27 | Name : Fedora Update for libxml2 FEDORA-2012-13820 File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl |
| 2012-09-22 | Name : CentOS Update for libxml2 CESA-2012:1288 centos5 File : nvt/gb_CESA-2012_1288_libxml2_centos5.nasl |
| 2012-09-22 | Name : CentOS Update for libxml2 CESA-2012:1288 centos6 File : nvt/gb_CESA-2012_1288_libxml2_centos6.nasl |
| 2012-09-22 | Name : RedHat Update for libxml2 RHSA-2012:1288-01 File : nvt/gb_RHSA-2012_1288-01_libxml2.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2521-1 (libxml2) File : nvt/deb_2521_1.nasl |
| 2012-08-09 | Name : Mandriva Update for libxml2 MDVSA-2012:126 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_126.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-02-07 | IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0036787 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1627-1.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxslt_20130716.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1324.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-501.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-355.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_4.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_4_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_1022489_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_2.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_0.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-134.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-056.nasl - Type : ACT_GATHER_INFO |
| 2013-02-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-120718.nasl - Type : ACT_GATHER_INFO |
| 2012-09-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1587-1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120918_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2012-09-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-8235.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-126.nasl - Type : ACT_GATHER_INFO |
| 2012-08-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2521.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:31:15 |
|
| 2013-09-27 21:23:26 |
|
